CSO - Cyber Security Informer

Report finds women are declining CISO/CSO roles

Tech Republic Security

SEPTEMBER 30, 2022

The post Report finds women are declining CISO/CSO roles appeared first on TechRepublic. Professional risk factors into career decisions, and successful women need to encourage other women to accept the risks, says Accenture.

CSO

CSO CISO Risk Cybersecurity

Former Uber CSO found guilty of obstruction in attempted data breach cover-up

Tech Republic Security

OCTOBER 6, 2022

The post Former Uber CSO found guilty of obstruction in attempted data breach cover-up appeared first on TechRepublic. Joe Sullivan schemed to hide a 2016 breach of 57 million users’ information shortly after he was hired.

CSO

CSO Data breaches

Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach

CSO Magazine

MAY 23, 2023

Like most CSOs, Joe Sullivan was drawn to the role to help prevent cybercrimes. His role as CSO of Uber was something of a shift from his previous job prosecuting cybercriminals as an assistant US attorney, but closer to the tip of the cybersecurity spear.

CSO

CSO CISO Cybercrime Cybersecurity

A Chief Security Concern for Executive Teams

Krebs on Security

DECEMBER 18, 2018

KrebsOnSecurity reviewed the Web sites for the global top 100 companies by market value, and found just five percent of top 100 firms listed a chief information security officer (CISO) or chief security officer (CSO). Not that these roles are somehow more or less important than that of a CISO/CSO within the organization.

CSO

CSO CISO Marketing Banking

Bug Bounty Programs Are Being Used to Buy Silence

Schneier on Security

APRIL 3, 2020

However, CSO's investigation shows that the bug bounty platforms have turned bug reporting and disclosure on its head, what multiple expert sources, including HackerOne's former chief policy officer, Katie Moussouris, call a "perversion." [.]. Leitschuh, the Zoom bug finder, agrees.

CSO

CSO Marketing

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Krebs on Security

JULY 21, 2023

A review of the executives pages published by the 2022 list of Fortune 100 companies found only four — BestBuy , Cigna , Coca-Cola , and Walmart — that listed a Chief Security Officer (CSO) or Chief Information Security Officer (CISO) in their highest corporate ranks. Nor is the average pay hugely different among all these roles.

CSO

CSO CISO Insurance Risk

What is an ISAC or ISAO? How these cyber threat information sharing organizations improve security

CSO Magazine

JULY 26, 2022

Get the latest from CSO by signing up for our newsletters. ]. ISACs also facilitate the sharing of data between public and private sector groups. Learn what you need to know about defending critical infrastructure. |

Cyber threats

Cyber threats CSO

RSAC Fireside Chat: StackHawk helps move the application security needle to ‘shift everywhere’

The Last Watchdog

APRIL 20, 2023

Guest expert: Scott Gerlach, CSO, StackHawk We had a great conversation about how the venerable “ shift left ” security philosophy is being refined so that it better aligns with the way software gets developed today – at light speed.

CSO

CSO Software Internet Internet

After Brief Exposure in Public Repo, GitHub Rotated Private SSH Key

Security Boulevard

APRIL 3, 2023

Out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com,” GitHub CSO and SVP. In an attempt to get ahead of fallout from the exposure of its private SSH key in a public repository, the software development platform GitHub proactively rotated its host key last week.

CSO

CSO Software Risk Government

CSO’s Perspective: The Okta Breach and What It Means to the Broader Community

Security Boulevard

NOVEMBER 9, 2023

Den Jones shares his perspective as a CSO on the recent Okta breach, and what that means for the broader security community. The post CSO’s Perspective: The Okta Breach and What It Means to the Broader Community first appeared on Banyan Security.

CSO

Insider risk management: Where your program resides shapes its focus

CSO Magazine

MAY 29, 2023

In 2019, a CSO article raised the question “ Insider risk management — who’s the boss ?” Over the years I have hypothesized that where such IRM programs reside within an organization will have a material impact on its focus and possibly its overall effectiveness.

Risk

Risk CSO Government

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

About the essayist: Den Jones, CSO at Banyan Security , which supplies s imple, least-privilege, multi-cloud application access technologies. Food for thought, eh!

Ransomware

Ransomware Risk Internet Internet

LW ROUNDTABLE: CrowdStrike outage reveals long road ahead to achieve digital resiliency

The Last Watchdog

JULY 25, 2024

Dimitri Chichlo , CSO, BforeAI Chichlo Our networks remain fragile because of interdependence and the assumption that technology always works. Starting now and for at least the next month, all organizations should be in a heightened state of vigilance for phishing emails purporting to be from, or affiliated with, CrowdStrike.

Technology

Technology Ransomware Software Cyber Attacks

Unlocking New Potential with MSPBots: A Conversation with Callen Sapien

Security Boulevard

OCTOBER 2, 2024

I recently had the opportunity to interview Callen Sapien, President and acting Chief Security Officer (CSO) of MSPBots on the show floor of the Build IT event in Orlando, FL, to explore The post Unlocking New Potential with MSPBots: A Conversation with Callen Sapien appeared first on Seceon Inc.

CSO

NIST Unveils Groundbreaking Post-Quantum Cryptography Standards

SecureWorld News

AUGUST 14, 2024

If you would like to learn more about PQC, SecureWorld recently hosted a Remote Sessions broadcast in which Keyfactor CSO Chris Hickman offered an in-depth primer on PQC fundamentals for practical application. You may view the session on-demand here. Follow SecureWorld News for more stories related to cybersecurity.

Encryption

Encryption CSO System Administration Backups

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Duo's Security Blog

NOVEMBER 20, 2023

“It took nearly 11 months (328 days) to identity and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online , and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!

Threat Detection

Threat Detection Authentication Accountability Data breaches

SEC Provides Clarity on Disclosing Material vs. Non-Material Cyber Incidents

SecureWorld News

MAY 23, 2024

And the recent clarifications—focusing on material cybersecurity incidents—is a step in the right direction," said Glenn Kapetansky , CSO, Trexin Group. "In "The SEC's intent in their latest cybersecurity incident disclosure rules—to enhance transparency for investors—is good.

CISO

CISO CSO Risk Cybersecurity

ROUNDTABLE: Kaseya hack exacerbates worrisome supply-chain, ransomware exposures

The Last Watchdog

JULY 8, 2021

Dom Glavach, CSO and chief strategist, CyberSN. There is still conflicting information on how many MSP vendors are impacted but the figure stands at around 40. Though even one compromised MSP could already expose thousands of endpoints.

Ransomware

Ransomware Hacking Software Architecture

Spotlight on Cybersecurity Leaders: Dr. Fred Kwong

SecureWorld News

MAY 29, 2024

A: Arlan McMillian —now CSO at Kirkland & Ellis LLP—was one of my early mentors and helped me understand what it took to be a leader in the cyber community and profession. Q: In honor of our 2024 conference theme, Legacies Untold: Revealing Cybersecurity's Hidden Figures , who is someone that you consider to be a Cyber Hero?

Cybersecurity

Cybersecurity CSO Technology Telecommunications

December 15 Marks Deadline for SEC's New Cyber Disclosure Rules

SecureWorld News

DECEMBER 11, 2023

Understanding the nature of the threat and how to appropriately mitigate that risk should be a shared responsibility, not solely the purview of the CISO or CSO. I would think that boards would want to have that experience, even though it is somewhat difficult to come by.

CISO

CISO Risk Cybersecurity Government

News alert: Simbian launches with $10M to build autonomous, GenAI-powered security platform

The Last Watchdog

APRIL 11, 2024

In addition, 15 of today’s most successful business leaders back the company, including Olivier Pomel, Co-founder and CEO at Datadog; Pankaj Patel, Co-founder and CEO at Nile; Diogo Monica, Co-founder and CEO at Anchorage Digital; Joe Sullivan, former CSO at Facebook, Uber and CloudFlare; Bharat Shah, former CVP of Microsoft Security; Suresh Batchu, (..)

CSO

CSO Marketing Risk CISO

Cybersecurity Snapshot: Tenable Report Warns About Toxic Cloud Exposures, as PwC Study Urges C-Suite Collaboration for Stronger Cyber Resilience

Security Boulevard

OCTOBER 18, 2024

For more information about CISO trends: “ 6 ways the CISO role is evolving today ” (CSO) “ Why the CISO role is so demanding – and how leaders can help ” (IT Pro) “ How to land a corporate board seat as a CISO ” (TechTarget) “ How to ensure cybersecurity strategies align with the company’s risk tolerance ” (CSO) “ CISOs Struggle for C-Suite Status (..)

Cybersecurity

Cybersecurity CISO CSO Risk

Minnesota Passes Data Privacy Law, Joining Growing State Movement

SecureWorld News

MAY 21, 2024

RELATED: Uber CSO Found Guilty: The Sky Is Not Falling. Having dedicated privacy personnel helps centralize expertise, authority, and accountability. " Jaworski added.

Data privacy

Data privacy CISO Small Business CSO

ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks

Tech Republic Security

OCTOBER 21, 2024

CISA advisor Nicole Perlroth closed out ISC2 Security Congress’ keynotes with a wake-up call for security teams to watch for nation-state-sponsored attacks.

Cyber Attacks

Cyber Attacks Big data CSO Healthcare

Spotlight on Cybersecurity Leaders: Ryan Mostiller

SecureWorld News

AUGUST 21, 2024

I really respect Dave Kennedy, who is an extremely successful member of the security community having started two security companies after being a CSO himself. A: Maybe obvious, but the first "hackers" I ever saw was Kevin Mitnick (RIP). Q: Lastly, what are you most looking forward to at your regional SecureWorld conference this year?

Cybersecurity

Cybersecurity Energy and Utilities CISO CSO

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

eSecurity Planet

JANUARY 29, 2024

“The most significant risk for enterprises isn’t the speed at which they are applying critical patches; it comes from not applying the patches on every asset,” noted Brian Contos, CSO of Sevco Security. The simple fact is that most organizations fail to maintain an up-to-date and accurate IT asset inventory.”

Software

Software Authentication CSO Accountability

Vulnerability Recap 9/9/24 – Exploited Vulnerabilities Persist

eSecurity Planet

SEPTEMBER 9, 2024

Sevco’s CSO Brian Contos states, “6% of all IT assets have reached EOL, and known but unpatched vulnerabilities are a favorite target for attackers.” The fix: D-Link recommends its retirement and replacement due to the DAP-2310’s End-of-Life (EOL) status.

Firmware

Firmware Backups Firewall Risk

CISO’s Guide to Presenting Cybersecurity to Board Directors

CyberSecurity Insiders

MARCH 30, 2023

Developing a Clear Cybersecurity Strategy As a CISO/CSO, creating and presenting a clear cybersecurity strategy to the board of directors is crucial in fostering awareness of cyber risks and encouraging investment in cybersecurity defense.

Cybersecurity

Cybersecurity Cyber Risk CISO Risk

Cloud computing concentration and systemic risk

Security Boulevard

MAY 21, 2022

I came across an interesting blog post over at Finextra which got me thinking about a topic that has been in the back of my. The post Cloud computing concentration and systemic risk appeared first on Security Boulevard.

Risk

Risk CSO

Walking the Walk: How Tenable Embraces Its “Secure by Design” Pledge to CISA

Security Boulevard

NOVEMBER 25, 2024

Tenable CSO Bob Huber signs CISA's Secure by Design pledge Default passwords The CISA pledge addresses default passwords next, calling on backers to reduce their use of default passwords across their products within one year of signing the pledge.

Passwords

Passwords Software CSO Manufacturing

Why CISOs Are Stepping Away and What the Future Holds

SecureWorld News

DECEMBER 9, 2024

The Chief Information Security Officer (CISO) has become one of the most critical roles in modern organizations. Tasked with safeguarding data and infrastructure, CISOs face mounting pressures as cyber threats escalate, regulatory demands grow, and the role expands to encompass strategic business responsibilities.

CISO

CISO Cyber threats Risk Cybersecurity

Battling Burnout: A Growing Concern for CISOs and Security Professionals

SecureWorld News

JUNE 20, 2024

As defenders of digital assets, Chief Information Security Officers (CISOs) and cybersecurity professionals face immense pressure, often leading to burnout. This phenomenon is not just anecdotal; several studies have highlighted the alarming prevalence of burnout in the cybersecurity industry.

CISO

CISO Cybersecurity Technology Digital transformation

The Relevance of Privacy-Preserving Techniques and Generative AI to DORA Legislation

Thales Cloud Protection & Licensing

OCTOBER 28, 2024

At that time generative AI was not a major consideration and novel privacy-preserving techniques (PPT) were not featured heavily on a CSO 5yr budgetary plan. The world has changed. The responsible use of GenAI, and adoption of PPT play a crucial role in aligning with DORA legislation while safeguarding sensitive data.

Encryption

Encryption Risk Data privacy Artificial Intelligence

People Skills Outweigh Technical Prowess in the Best Security Leaders

SecureWorld News

OCTOBER 5, 2023

Having helped build out many SecureWorld conferences, I have come to realize—likely to no one's surprise—that the best cybersecurity leaders indeed have some technical prowess, but it is their soft skills that make them exceptional leaders.

CISO

CISO Risk Government Cybersecurity

Federal Judge Dismisses Most of SEC Claims Against SolarWinds, CISO

SecureWorld News

JULY 30, 2024

On July 18th, a significant ruling came from a New York federal judge who dismissed most of the claims brought by the U.S. Securities and Exchange Commission (SEC) against SolarWinds Corp. and its Chief CISO, Timothy G.

CISO

CISO Risk Cybersecurity Accountability

Deloitte-NASCIO Study: AI and Cyber Threats Reshape the Landscape

SecureWorld News

OCTOBER 2, 2024

Th e 8th biennial Deloitte-NASCIO Cybersecurity Study reveals a rapidly evolving cybersecurity landscape, with artificial intelligence (AI) and generative AI (GenAI) introducing new challenges. Conducted in spring 2024, the study captures insights from Chief Information Security Officers of all 50 U.S.

Cyber threats

Cyber threats CISO Digital transformation Artificial Intelligence

ChatGPT creates mutating malware that evades detection by EDR

CSO Magazine

JUNE 6, 2023

A global sensation since its initial release at the end of last year, ChatGPT 's popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities.

Malware

Malware Cybersecurity

11 penetration testing tools the pros use

CSO Magazine

DECEMBER 13, 2021

A penetration tester, sometimes called an ethical hacker, is a security pro who launches simulated attacks against a client's network or systems in order to seek out vulnerabilities.

Penetration Testing

What is the cost of a data breach?

CSO Magazine

AUGUST 23, 2022

The cost of a data breach is not easy to define, but as more organizations fall victim to attacks and exposures, the potential financial repercussions are becoming clearer. For modern businesses of all shapes and sizes, the monetary impact of suffering a data breach is substantial. million.

Data breaches

What is a botnet? When infected devices attack

CSO Magazine

APRIL 4, 2022

Botnet definition. A botnet is a collection of internet-connected devices that an attacker has compromised to carry out DDoS attacks and other tasks as a swarm. The idea is that each computer becomes a mindless robot in a larger network of identical robots, which gives the word botnet its meaning.

DDOS

DDOS Internet Internet Malware

11 top cloud security threats

CSO Magazine

JULY 4, 2022

Identity and access issues topped the list of concerns of IT pros in the Cloud Security Alliance's annual Top Threats to Cloud Computing: The Pandemic 11 report released earlier this month. Data breaches and data loss were the top concerns last year," says CSA Global Vice President of Research John Yeoh.

Data breaches

9 video chat apps compared: Which is best for security?

CSO Magazine

DECEMBER 16, 2021

The COVID-19 pandemic forced companies to scramble to accommodate employees suddenly working from home. This required a move to cloud-based infrastructures, mobile applications and good collaboration and conferencing tools. The shift was massive for most firms.

Mobile

4 ways employee home networks and smart devices change your threat model

CSO Magazine

DECEMBER 28, 2021

Many employees at businesses worldwide have been forced to work from home because of COVID-19 related social distancing mandates.

Technology

Hottest new cybersecurity products at RSA 2022

CSO Magazine

JUNE 6, 2022

Every year, global security vendors use the RSA Conference (RSAC) to exhibit new products and capabilities. This year, the show returns as an in-person event (with a virtual component) in San Francisco after going all-virtual in 2021 due to the pandemic.

Cybersecurity

Report finds women are declining CISO/CSO roles

Former Uber CSO found guilty of obstruction in attempted data breach cover-up

Trending Sources

Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach

A Chief Security Concern for Executive Teams

Bug Bounty Programs Are Being Used to Buy Silence

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

What is an ISAC or ISAO? How these cyber threat information sharing organizations improve security

RSAC Fireside Chat: StackHawk helps move the application security needle to ‘shift everywhere’

After Brief Exposure in Public Repo, GitHub Rotated Private SSH Key

CSO’s Perspective: The Okta Breach and What It Means to the Broader Community

Insider risk management: Where your program resides shapes its focus

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

LW ROUNDTABLE: CrowdStrike outage reveals long road ahead to achieve digital resiliency

Unlocking New Potential with MSPBots: A Conversation with Callen Sapien

NIST Unveils Groundbreaking Post-Quantum Cryptography Standards

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

SEC Provides Clarity on Disclosing Material vs. Non-Material Cyber Incidents

ROUNDTABLE: Kaseya hack exacerbates worrisome supply-chain, ransomware exposures

Spotlight on Cybersecurity Leaders: Dr. Fred Kwong

December 15 Marks Deadline for SEC's New Cyber Disclosure Rules

News alert: Simbian launches with $10M to build autonomous, GenAI-powered security platform

Cybersecurity Snapshot: Tenable Report Warns About Toxic Cloud Exposures, as PwC Study Urges C-Suite Collaboration for Stronger Cyber Resilience

Minnesota Passes Data Privacy Law, Joining Growing State Movement

ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks

Spotlight on Cybersecurity Leaders: Ryan Mostiller

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

Vulnerability Recap 9/9/24 – Exploited Vulnerabilities Persist

CISO’s Guide to Presenting Cybersecurity to Board Directors

Cloud computing concentration and systemic risk

Walking the Walk: How Tenable Embraces Its “Secure by Design” Pledge to CISA

Why CISOs Are Stepping Away and What the Future Holds

Battling Burnout: A Growing Concern for CISOs and Security Professionals

The Relevance of Privacy-Preserving Techniques and Generative AI to DORA Legislation

People Skills Outweigh Technical Prowess in the Best Security Leaders

Federal Judge Dismisses Most of SEC Claims Against SolarWinds, CISO

Deloitte-NASCIO Study: AI and Cyber Threats Reshape the Landscape

ChatGPT creates mutating malware that evades detection by EDR

11 penetration testing tools the pros use

What is the cost of a data breach?

What is a botnet? When infected devices attack

11 top cloud security threats

9 video chat apps compared: Which is best for security?

4 ways employee home networks and smart devices change your threat model

Hottest new cybersecurity products at RSA 2022

Stay Connected